Yes, my game is rather small (averaging 350-500 players during peak demand) and they’re all crammed into 100 player servers, which probably makes it significantly easier to crash the servers.
So again… best way to get in contact with Roblox engineers? Or does anyone have a better idea as to how I can fix this mess… I’m stumped.
The game has no tools or right grips at all?? I guess this would explain why when I tried to set all the tools in the game to not require a handle they could still crash it.
Correct, I have a custom implementation of tools that doesn’t use RightGrips or the Tool instances at all. Instead I use a Motor6D for gripping of the custom tools and to allow for simple animation. So given the output I’ve had from the server, I’m guessing they’re not doing anything with the Motor6Ds I use.
As you mentioned above - this is unlikely caused by crash executed by exploiter (since nobody was in gmae with you). The post was complete reply to @Hexcede . Let me repeat the latest request - Have you tried on 1 player server? Does the same happen on baseplate?
You can’t get in contact directly with particular Roblox engineers. The only thing you can do is post here after PA process. You could eventually try Support - Roblox
I’ll definitely try one player servers and publishing a baseplate next time the exploiter decides to crash my servers and I’ll get back to you with results.
The game owner, @SoulJem, and I have already emailed Roblox support regarding this issue. As you mentioned, they thought I was a player and sent SoulJem developer tutorials but didn’t forward us to any particular engineer or team member who would take on our case.
I don’t know if this is still revelvant but a little while back saw this post, basically the OP was showed how servers were crashed using a program called wireshark. Again, I don’t know the legitimacy of this or if it is still relevant but the thread might be worth looking into.
This is incorrect. The weld kind of crashes happen due to an internal engine error (in this case presumably running out of memory/gc issues when removing a lot of instances at once) which doesn’t use as much bandwidth, while a DDoS attack requires a TON of speed, bandwidth and computers, not to mention roblox servers can (and probably do) temp-block IPs that send a lot of data too fast.
You can’t tell whether it’s a “soft crash” or a “hard crash” basing on the player count. If a server is overloaded/crashed, it can’t report back the current player list, so the site displays the last player list it received, eventually turning it into 0, soon after which the server disappears from the list. It has been the case for all kinds of server crashes for as far as I can remember.
I do not believe that this is related to this exploit. I believe these are two unrelated but similar crashes. As said above, nothing is outputted into the logs, and no players join. It would be impossible to perform this exploit without the player having a character, thus it could not be performed as quickly as it has been.
Saying this was a DoS or DDoS attack is misinformation. While booting a Roblox server used to be trivial, the amount of resources (and therefore money) it would take to do that now pretty much eliminates any chance that this is the case.
From what I can pick up on from this post, the exploiter(s) are doing this (whatever you think it is) many times. The sheer cost that would be accumulated by doing this would remove any point, especially when someone can target a much larger place.
The far more likely scenario is someone using another iteration of the age-old method of crashing servers. Almost anything character-based that replicates to the server has been used maliciously to crash a server and that is what’s happening here.
This is incorrect. Doing the method mentioned just above would be far more intensive to a game server than shooting packets at it. Spamming parts and/or welds will overwhelm physics and other aspects of the engine. Doing it enough will simply use up too many resources for the server to handle, thus crashing it.
The fact that a crash exploit was literally just leaked on Vermillion pushes my point that this isn’t a DDoS (or DoS) attack even more.
The site simply removes entries for servers that do not report data. The fact that the player count is shown as zero gauruntees that the server actually reported zero players, and additionally, it must have also reported server heartbeat which is used to display the “slow servers” message. You can view the heartbeat of any server using the same request the website makes, and the fact that servers are even shown shows that they are indeed reporting information, otherwise they’d be removed from the query. This may actually serve as a useful piece of info as it would give us a rough estimate of the server’s CPU usage. If this were a hard crash the last heartbeat reported would be 60, and the players in game would be reported as well, otherwise it would be very low.
@grilme99 Now that I’ve thought about it, it’s definitely true that DoSing a server definitely would take more resources than a crash in game might due to higher CPU usage on the server, however the timings vs data size for a DoS and replication would be similar to this situation based on my knowledge.
The issue with the V3rmillion crash is that it requires the player to have loaded their character. This takes about 3-5 seconds, and that’s 3-5 seconds for the player name to be logged not to mention the amount of errors which would be spammed. The speed at which the server crashes appears to be within a second or two based on discussion above.
I did not see what you were replying to, my bad. The explanation you gave isn’t how the exploit works though, it’s like pseudo code. The actual exploit you were explaining, is well, exploiting welds, but it shouldn’t use Clone or anything since this shouldn’t have the effect it is (otherwise Clone would be super broken) which is why seeing the actual script and what it does would be important in figuring out exactly what it’s doing to cause this weird replication crash.
One thing I’d like to mention is that sometimes after entering a fresh server while he’s attacking my game, the server can crash immediately after starting up and the server scripts don’t even have time to load up in the developer console, nothing outputs, the developer console is completely frozen with almost no information in it. Even with the information in the console it doesn’t show anything abnormal with the server.
What I’m saying is that sometimes it doesn’t even take 3-5 seconds to crash, it can crash almost instantly after you join the server with no evidence of another player joining which makes this an even more bizarre issue.
I would like to keep this thread alive as this is currently still a problem.
Even as I type the servers are getting crashed instantly.
As someone who is personally working on this, the response time of the crashing to the server being created is too fast for any abuse to be happening on the game itself that could be added in by user error or just a insecure remote as we already tried monitoring remotes for the crash. I would like to emphasize that the crashing doesn’t occur in private servers or when the game is private and they join the server, but the second the game is made public the response time of the crash from the newly created server when the game was private is about 1 second or less. I firmly believe this is some sort of API abuse, the only other possible cause is just a plain old DDoS attack which is unlikely. Emailing ROBLOX support proved no help asking us for “screenshots” of the issue like we already know what’s causing it.
It’s just a problem of figuring out which API is being abused, the people causing this are being very vague of what they’re using and the only thing they would response is a API surrounding UIs, of course we already scanned the game of all GetService for any oudated/unused services with no luck.